This may be caused by multiple reasons. Here are few of the most common:

Misconfigured Identity Provider settings in vRA.

Inconsistent vRO Cluster Nodes configuration.

Integrated Windows Authentication big in vRA 7.0

Solution

Here are few things that may help you resolve such login issues.
Issue may occur if in the Identity Provider configuration, the IDP Hostname is pointing to one of the vRA VA VM’s addresses and not the vRA VM Load Balancer (LB) address.

Change the ldp Hostname to thepoint to the vRA VA LB address.

Additionally you may add all vRA VA Nodes as Connectors in the Identity Provider.

Additionally make sure you can successfully sync users and groups from AD within the Directoriestab in VRA.

Make sure that the Admin Group in the vRO Authentication Provider settings is set to the AD admin group you want to grant access to vRO.

Make sure all vRO Nodes are synchronized.

If you are using vRealize Automation/ Identity Manager with integrated Windows Authentication (IWA) make sure to vRA is version 7.1 or higher.

When Integrated Windows Authentication (IWA) AD configuration is done for AD with multiple domains (child/trusted domains) you may receive errors similar to the once above.
This issue occurs because vRealize Automation/ Identity Manager cannot perform authentication against Integrated Windows Authentication (IWA) active directory secondary/trusted domain users.
This issue is resolved in vRealize Automation 7.1
For more info visit, Unable to log in to vRO using an Active Directory user credentials (2147290)